It would be unwise to post any information about this vulnerability before they were ready to release an update. Otherwise millions of blogs would be wide open until they were able to update. Looking at the changes, I'm not 100% sure the vulnerability could be exploited without the help of a poorly coded filter, but it was still an issue they wouldn't have announced without having an immediate fix.
|